vegabook
How to encrypt a string using a pem-encoded public key (obtained from Python)
I’m communicating between Python and Elixir. Python reads my (Linux-standard, ssh-keygen with no options) ~/.ssh/id_rsa.pub, pem-encodes it, and sends it to Elixir via encrypted websocket. This is a (fake) version of it
pry(7)> key
"-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BEH6ycVAgMBAAE=\n-----END PUBLIC KEY-----\n"
(of course it’s much longer)
Now how do I use this plaintext pem public key, to encrypt a string say, “hello python”, so that I can send the encrypted version back via the same websocket, to be decoded python side using the local corresponding private key ~/.ssh/id_rsa.
Basically I’m looking for some way to get an industry standard cross-language public-private key interaction between Elixir and Python. There’s a lot on the web about pem vs der but I’m a bit confused by it.
(for guide I’m basically rolling my own python ↔ elixir authentication mechanism. If something that does this already exists, then happy to hear about it)
Marked As Solved
Also Liked
ErikNaslund
I completely get what you mean @vegabook. I too struggled longer than I’d like to admit before I got my assymetric RSA encryption working. Please see below for a module I wrote, that hopefully explains things well enough.
defmodule Ls.Crypto.Assymetric do
@moduledoc """
Functionality releated to assymetric encryption, e.g. public key encryption.
Create the keys used here in the following way:
# Public key.
openssl genrsa -out private.pem 2048
# Private key.
openssl rsa -in private.pem -pubout -out public.pem
"""
@encrypt_decrypt_opts [rsa_padding: :rsa_pkcs1_oaep_padding]
def encrypt_rsa(text, key_path) do
key = load_key(key_path, :RSAPublicKey)
:public_key.encrypt_public(text, key, @encrypt_decrypt_opts)
end
def decrypt_rsa(cipher_text, key_path) do
key = load_key(key_path, :RSAPrivateKey)
:public_key.decrypt_private(cipher_text, key, @encrypt_decrypt_opts)
end
defp load_key(key_path, expected_key_type) do
{:ok, raw_key} = File.read(key_path)
[enc_key] = :public_key.pem_decode(raw_key)
pem_entry = :public_key.pem_entry_decode(enc_key)
# Check that we loaded a key that's of the expected type (private vs public).
# It's an easy mistake to load the wrong key, so this check can
# save a lot of debugging time.
if elem(pem_entry, 0) != expected_key_type do
raise("Expected a key of type #{expected_key_type}, got #{elem(pem_entry, 0)}")
end
pem_entry
end
end
Caveats
-
A .pem file is a container format, so it can contain many different things. This is why we need to do the
:public_key.pem_decode/1and:public_key.pem_entry_decode/1. My code assumes the PEM file contains just a single key. -
It works on my machine and for my particular use case. It’s definitely not the most general, universally applicable way of doing things
.
vegabook
danj
I had the exact “fun” you’re talking about. Crypto is really interesting, deep and complex. Learning more about how any part of it works is well worth the effort (or rabbit hole). Good luck!
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance










